GMP Compliance Adviser Update No. 3/2021
GMP in Practice
Chapter 9 Computer System Validation
9.C System life cycle
Computer systems consist of hardware, software, network components, the controlled functions and the associated documentation. The emphasis is on the word "system".
Most systems are purchased and not developed in-house. It is therefore important to understand the life cycle of a system and the associated validation (documentation) in order to be able to install, test and operate a system in compliance with regulations. Much of the work can be outsourced to suppliers and service providers, but not the user testing or ultimate responsibility for proper validation.
The development of computerised systems always includes a design phase and a realisation phase. Since systems undergo continual development, this is referred to as a cycle. The two most important parts of this cycle are specification and test. The specification defines what the system should do, and the test proves this.
Software development should be documented according to recognised standards or methods and be audited as part of supplier assessment.
Most systems today are configurable, i.e., settings can be changed by the user as required. This brings a certain flexibility, but on the other hand means strict change control and documentation. In some cases, it is even necessary to customise the software, i.e., to code it specifically for the customer. In these cases, a detailed validation according to GAMP®5 category 5 is required.
Once installed, tested and found to be valid, computer systems are not unchanged forever. Suppliers develop improvements and plug gaps, users want adjustments resulting from experience in daily use of the system, and processes in operation are subject to change. That is why a system "lives", because it is changed and modified at intervals. Changes to the configuration are subject to configuration control. Program changes or updates are subject to change control. Changes to critical parameters can be handled via audit trail/logbook mechanism.
The life cycle of a system, including validation, ends with decommissioning. (Markus Roemer, Siegfried Schmitt, PhD)
9.D System classification and risk management
The simple classification of the ISPE GAMP® 5 Guide divides systems into four software categories: infrastructure software, non-configured software, configured software and custom software.
This rough classification needs to be further refined using a quality risk management process. The process must distinguish between risk areas (process, functional, technical). Different appropriate methods can be chosen for the consideration of these issues. The goal is to assess the identified risks and to minimise them by taking appropriate measures.
The documented risk assessment, and above all the quality decisions that result from it, are of utmost importance from a regulatory perspective and must be verifiable. (Dennis Sandkühler, PhD, Markus Roemer, Siegfried Schmitt, PhD)
9.G External service providers
External service providers (IT management, services, consultants) and suppliers must be qualified to work in the pharmaceutical environment before activities can be outsourced to them. The outsourcing of the activities should be regulated in a specific contract, a service level agreement (SLA) or similar formal agreement. The depth of the evaluation of the contract acceptor and the definition of the acceptance criteria should be risk-based.
Industry uses various models of contracting out (outsourcing), such as offshoring, nearshoring and backshoring. A wide variety of reasons play a role, such as technical expertise or proximity to the site.
Regardless of the model chosen, regulations require good and complete documentation of the tasks and duties transferred. In addition, the contract giver is responsible for monitoring and reviewing the activities and performance of the contractors.
The formal basis for this is provided by the contracts with the IT service providers, which should cover formal, organisational and content-related aspects of the collaboration in as much detail as possible.
There are several options for reviewing and assessing suppliers and service providers, ranging from self-disclosure to on-site audits. The type of review and assessment depends on the risk-based classification of the supplier or service provider. (Markus Roemer, Siegfried Schmitt, PhD)
Chapter 21 Inspections and drug safety
21.D Preparing for GMP inspections
When a (foreign) authority announces an upcoming GMP inspection, an exceptional situation occurs in many companies. Extensive measures are undertaken that, to some extent, cancel each other out.
This article shows the individual steps that can be taken prior to and during an inspection in order to prepare for an actual GMP inspection. Many of the tips included were tested successfully in practice. The reader is provided with a comprehensive programme that includes checklists and suggested measures with a view to increasing the GMP compliance of a company prior to a GMP inspection.
A permanent readiness for inspection should be the aim of any pharmaceutical manufacturer. This chapter creates a solid foundation for short-term and long-term preparation phases. Great emphasis has been placed on the behaviour of the workforce in the company because at the end of the day, the expertise and behaviour of the employees decide how the inspection will turn out.
The chapter concludes with a description of the actions that are necessary after a GMP inspection.
The topic is supplemented by an outlook on the topics of quality oversight, knowledge management and quality culture, because GMP conformity and quality improvement are only guaranteed through these aspects. (Thomas Peither)
GMP Regulations
Chapter C EU Directives and Guidelines
C.10.1 Regulation (EU) 2017/745 onmedicaldevices (EU MDR)
The European MDR was amended by Regulation (EU) 2020/561 of the European Parliament and of the Council which has to be seen in the context of the COVID-19 outbreak. The extraordinary circumstances had and still have a significant impact on various areas covered by Regulation (EU) 2017/745, such as the designation and work of notified bodies and the placing and making available on the market of medical devices in the Union. Regulation (EU) 2020/561 established the necessary derogations and delayed the date of entering into force of the EU MDR for one year to May 2021.
Chapter D USA: CFR and FDA Guidelines
D.1.1–D.1.9 21 CFRs
The Code of Federal Regulations is subject to an annual revision. We have checked the CFRs for their correctness as of 1 April 2021. No amendments in content were identified to those regulations included in the GMP Compliance Adviser. With this update we provide the current versions of 2021.
Chapter E ICH Guidelines
E.3.C ICH Q3C(R8): Impurities: Guideline for Residual Solvents
ICH published the revised version (Step 4) of the ICH Q3C(R8) Guideline on 22 April 2021.
The Permitted Daily Exposure (PDE) values for the following substances were added as Part VI to the guideline:
- 2-Methyltetrahydrofuran (50 mg/day), classified in solvent class 3
- Cyclopentyl methyl ether (15 mg/day), classified in solvent class 2
- Tertiary butyl alcohol (35 mg/day), classified in solvent class 2
Toxicity details:
Methyltetrahydrofuran was found to be non-genotoxic in a mutation assay with bacteria, human lymphocytes and rats. No data are available on carcinogenicity. Reproductive toxicity and repeated-dose toxicity were not observed. The product was classified in solvent class 3.
For cyclopentyl methyl ether, no toxicity in humans was found. Likewise, no genotoxic potential was found. Again, no data are available on carcinogenicity. No statements could be made on reproductive and developmental toxicity on the basis of data available to date. The product was classified as a class 2 solvent.
For tertiary butyl alcohol, no genotoxicity was found either. The data on carcinogenicity do not allow any precise conclusions to be drawn with regard to the effect on humans, while changes in the renal tubules were found in rats. No precise statements could be made on reproductive toxicity either, but moderate transient systemic toxicity was found in rats. The product was classified as a class2 solvent.
Chapter F PIC/S Guidelines
F.9–F.12 PIC/S PE 009-15 Guide to Good Manufacturing Practice for Medicinal Products
The PIC/S GMP Guide was amended in its Annex 2, to consider Part IV on ATMPs of the EU GMP Guide. Please note, that these adjustments were not implemented in total alignment with the EU:
The former Annex 2 Manufacture of biological medicinal products for human use of the PIC/S Guide has been split into the following Annexes:
- Annex 2A: Manufacture of Advanced Therapy Medicinal Products for Human Use (ATMP).
- Annex 2B: Manufacture of Biological Medicinal Substances and Products for Human Use
Annex 2A summarizes the requirements for the manufacture of ATMPs and harmonizes them in a "reasonable" manner with the guidelines for ATMPs published by the European Commission. The EC had included the GMP requirements for ATMPs as a stand-alone Part IV in the EU GMP Guidance in 2017. However, this step was not followed. PIC/S was already critical regarding the document during the phase of consultation. In a letter to the EC, the concerns were summarized. According to the assessment of the PIC/S, the EC guideline would lower the GMP requirements for ATMPs and thus stand in contrast to the intended harmonization.
In Annex 2B, there were only minor changes compared to the EU GMP Guideline. Harmonization with Annex 2 of the EU GMP Guideline on the manufacture of biological active substances and medicinal products for human use was pursued further.
The changes to the PIC/S GMP Guide took effect on 1 May 2021.